Nessus Prior to 10.7.3: Secure Permissions for Sub-Directories Not Enforced
CVE-2024-3289

7.8HIGH

Key Information:

Vendor: Tenable
Status: Nessus
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-3289?

A security flaw exists in Nessus software, where installations made to directories outside of the default location on Windows systems prior to version 10.7.3 did not implement secure permissions for sub-directories. This vulnerability can lead to local privilege escalation if directory permissions are not properly configured by the user. It underscores the importance of securing installation paths adequately to prevent unauthorized access and elevation of privileges in environments using Nessus.

Affected Version(s)

Nessus Windows 0

References

https://www.tenable.com/security/tns-2024-08

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024

Tenable

What is CVE-2024-3289?

Affected Version(s)

References

CVSS V3.1

Timeline